Cisco Firewall Port Forwarding
Sep20

KB ID 0000077. Problem: Note: If your firewall is running a version older than 8.3 you will need to scroll down the page. Port forwarding on Cisco firewalls can be a little difficult to get your head around; to better understand what is going on, remember that in the “World of Cisco” there are two things: 1. NAT means translate MANY addresses to FEW addresses. 2. PAT means translate MANY addresses to ONE address...

Cisco ASA5500 – L2TP over IPSEC VPN
Sep10

KB ID 0000571. Problem: When Cisco released version 7 of the operating system for PIX/ASA they dropped support for the firewall acting as a PPTP VPN device. Note: If you want to use PPTP you can still terminate PPTP VPNs on a Windows server, if you enable PPTP and GRE Passthrough on the ASA. But if you want to use the native Windows VPN client you can still use L2TP over IPSEC. I had a look around the net to work out how to do this and...

FirePOWER: ‘No Authentication Required’ No Usernames
Aug22

KB ID 0001460. Problem: When attempting to track users with FirePOWER, the FMC would not show any usernames. Solution: There are a lot of reasons this might not work, so let’s take a look at a few of them. Firstly, make sure the server running the ‘user agent’ is listed under System > Integration > Identity Sources > User Agent. It probably goes without saying, but over on the server running the user agent, make sure it can see...

Cisco ASA: VPNs With Overlapping Subnets
Jun19

KB ID 0001446. Problem: I’ve seen this pop up a few times in forums, and I’ve even seen people post “It can’t be done, you will need to change one of the subnets,” but to be honest, it’s not that difficult. We simply have to do some NAT. This is the bit people struggle with: with VPNs we usually need to STOP NAT being applied to VPN traffic, and we still do, we simply NAT the traffic before we send it over...

Cisco ASA ‘Ping Source?’
Jun13

KB ID 0001445. Problem: To be honest, the title is a little misleading; on an ASA you can specify which interface to launch a ‘ping’ from, but that’s it. I found myself in a situation today where I was working on a client firewall and I was trying to bring up a VPN tunnel, and I did not have access to any of their machines, and nor did they (hence the reason for the VPN tunnel!). Well, we can’t use good old...

Cisco Stacking 2960-X Catalyst Switches
Jun05

KB ID 0001444. Problem: You can stack up to 8 2960-X switches*; you will require the stack modules and cables (shown below). *Note: If you are studying for an exam and the question is about StackWise, the answer is 9. Solution: Stack Modules: Power down the switch, remove the blanking plate and fit the module; then, when powered on, you can use a show inventory command to make sure the module has been detected correctly. Switch#show inventory...
